I would like to replace WinRAR as a simple and fast backup tool, and I miss this function in 7zip.
I make a backup of the most important files and directories from multiple drives.
All drives have a "Data" directory, but different data/paths in it.
This is the BAT I use to replace WinRAR as backuper:
7z a -t7z -r -spf -ssw -scsUTF-8 "C:\...\Backup.7z" @"Backup.lis" -x@"Backup.not"
Example for Backup.lis could be:
C:\Data\.
D:\Data\.
E:\Data\.
F:\Data\.
Example for Backup.not could be:
.tmp
.bak
WinRAR uses "-ep3" as parameter to store the full path, and the drive letters are stored as C_ NOT! C:
For obvious security reasons WinRAR changes the drive letter path from "C:" to "C_".
7zip now has the parameter "-spf" but, unlike WinRAR, it saves the drives with ":" so "C:"
This can be VERY VERY dangerous for original files.
This is a quote from the 7zip help file:
"Please be careful, if you use -spf switch with "extract" command. Check that file names in archive are correct. Note that with -spf switch 7-Zip can try to rewrite any file with path specified in archive."
! This function could even be used for malicious 7zip files. Wherever you unpack a 7zip, it could overwrite an important file, instead of creating a subdirectory structure in the actual path.
! Unpacking with a drive letter should only be possible with a special switch, and a security warning before the unpacking process begins, ignoring "-y". Or all drive letters should always be unpacked as a subdirectory, like "..\C_\..". There is no good reason to store drive letters in a pack file. If an original file should be overwritten, the user can unpack the file intentionally in the root directory. The present behavior of 7z is counterintuitive and dangerous, also an unevaluated ok-reply without "-y" is done quickly.
! With parameter "-y", this function can be a data killer.
Could 7zip implement a parameter with behavior similar to WinRAR's? For example "-spf_", or change the behavior of "-spf" to create "C_" instead of "C:". (Same for other OS like Linux)
I would prefer it if 7z were totally unable to store drive letters/names themselves, but changed them to directories, like WinRAR does.
Yes, 7z can then not be used for an exact placement of a file, but security goes first, I think. And for exact placement of files, installers are used (maybe with 7z as packer). Users take more care with the sources of installers than with pack files. Most users expect that an unpack is ONLY possible in the actual subdirectory/path (I did until now, and I have been a coder for 30 years).
(To code and realize this is very simple and fast, and would help all who use 7zip as backuper. I would then switch to 7z, and 7z could delete the "Please be careful..." note from the help file.)
See:
https://sourceforge.net/p/sevenzip/feature-requests/1018/
https://sourceforge.net/p/sevenzip/feature-requests/1121/
Thanks
Think about it more and maybe test some "dangerous" cases.
Some hints:
1) Any "Create" operation with any switch is not "dangerous".
2) "dangerous" is only "extract" operation with -spf switch.
So it's not important how archive is created.
In any case we need careful "extract" operation.
Note that hackers can create even rar archives with c:\windows paths.
And it's simpler to store and restore names like when they have real c:\path1 names.
That is why 7-zip stores real paths with -spf.
Last edit: Igor Pavlov 2017-03-17
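
A pre-extraction check of the kind the thread is discussing, as an added example that is not part of the original posts or of 7-Zip's code: it flags archive entry names that could write outside the target directory and rewrites drive letters to the "C_" form the first post describes for WinRAR. The function names and the sample entry names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample entry names, as an archive listing might report them.
SAMPLE_NAMES = [
    r"C:\Data\report.txt",
    r"Data\notes.txt",
    r"..\..\Windows\win.ini",
    r"\\server\share\x.dll",
    r"\Windows\System32\drivers\etc\hosts",
    "D:/Data/photo.jpg",
]

_DRIVE = re.compile(r"^[A-Za-z]:$")


def classify_entry(name):
    """Return the reasons an entry name could land outside the target dir."""
    p = PureWindowsPath(name)  # parses Windows paths on any host OS
    reasons = []
    if _DRIVE.match(p.drive):
        reasons.append("drive-letter")
    elif p.drive:
        reasons.append("unc")
    if p.root and not p.drive:
        reasons.append("rooted")
    if ".." in p.parts:
        reasons.append("parent-traversal")
    return reasons


def to_safe_relative(name):
    """Map 'C:\\x' to 'C_\\x' (relative); return None if it cannot be made safe."""
    p = PureWindowsPath(name)
    parts = [s for s in p.parts if s != p.anchor]  # drop 'C:\\', '\\', etc.
    if ".." in parts or (p.drive and not _DRIVE.match(p.drive)):
        return None  # traversal or UNC: reject instead of guessing
    prefix = [p.drive[0].upper() + "_"] if p.drive else []
    return "\\".join(prefix + parts)


def audit(names):
    """Return {name: (reasons, safe_relative_name_or_None)} for flagged entries."""
    return {n: (classify_entry(n), to_safe_relative(n))
            for n in names if classify_entry(n)}


if __name__ == "__main__":
    for entry, (why, safe) in audit(SAMPLE_NAMES).items():
        print(f"{entry!r}: {', '.join(why)} -> {safe!r}")
```
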